Prerequisite Knowledge

Description

The advent of the cloud has brought a number of changes to the world, enabling a new level of agility and capability for organizations that was previously only accessible to elite technology companies. Now, any business has access to world-class infrastructure and scale with just a few clicks or API calls, creating a vehicle for new ideas and services to spring forth into the world. However, with this great power came great responsibility — security responsibility.

In traditional operating environments, perimeter security controls and pervasive appliance-based security tools dominate the conversation. When the control of complex infrastructure moved outside IT and outside the company datacenter, however, the methodology by which we secure infrastructure changed forever:

Manual security scans must be replaced by automated, self-inspecting audits

Traditional audits by hand are no longer sufficient due to the high rate of change in programmatic infrastructures (CI/CD changed the game!)

Host-based security solutions are moving to the wayside as services dominate the landscape — you can’t install an agent on an API-defined service offering

Humans can’t possibly keep up with the mass of security telemetry data we now have available, so computers must handle the brunt of it.

There are also exciting new capabilities that never existed before — on-demand scaling, microperimeterization of security controls, per-resource granular security policies, and much more that can be used advantageously in complex environments. These controls can be tightly integrated to your CI/CD pipeline and become operationalized much like monitoring, APM, and other tools that DevOps teams live by. We’ll explore how to integrate the ecosystem of technologies to create a true SecDevOps practice.

Tim Prendergast

Evident.io

Tim co-founded Evident.io to help others avoid the pain he endured when helping Adobe adopt the cloud at a massive level. After years of building, operating, and securing services in AWS, he set out to make security approachable and repeatable for companies of all sizes.

Tim led technology teams at Adobe, Ingenuity, Ticketmaster, and McAfee.